Many businesses have become used to deploying cloud services, either through the use of Software-as-a-Service packages or by renting space on cloud servers. Virtualization is also common within corporate networks – a single computer can be shared remotely, seemingly offering each user a separate device.
Virtualization is also the secret that drives cloud computing – an account on a cloud system gives you a “virtual server”. Virtual networks also exist and they are the final piece in the puzzle to creating a unified view of all company resources covering many sites and cloud services. Perimeter 81 is in the business of creating virtual networks in all of their variations.
About Perimeter 81
Perimeter 81 started operations in 2018. It is an Israeli business, headquartered in Tel Aviv. The company also operates offices in New York and Los Angeles. The founders of Perimeter 821 still run the company – Amit Bareket is the company’s CEO and Sagi Gidali is its Chief Product Officer (CPO).
Bareket and Gidali generated the ideas for Perimeter 81 while operating their first business, which was called Safer Social Ltd. The main product of that company was SaferVPN. VPN stands for “virtual private network.” The concept was originally coined as a service for business. As the term suggests, it creates the privacy that private networks enjoy for connections that cross over the public medium of the internet.
VPNs have enjoyed a huge boom in the consumer market. The general public has discovered that these systems can be used to get around the regional blocks on many websites and video streaming services. They can also prevent internet service providers from identifying the activities of their customers and blocking access to government-banned sites.
Bareket and Gidali wanted to focus on the business community as a target market. Thanks to the expansion of virtualization into the creation of large networks and internet-based security services, the pair understood that there was a lot more that they could offer than just connection privacy.
SaferVPN was first released in 2013. As well as providing subscription packages to the general public, Safer Social strove to develop the business services side of the business. This business VPN system evolved into Perimeter 81, a separate business, in 2018. The two companies ran side by side until Bareket and Gidali sold Safer Social Ltd to J2 Global, Inc in July 2019.
J2 Global already owned four other VPN brands including IPVanish and StrongVPN. The company, now called Ziff Davis, decided to focus its VPN systems on just two products, so SaferVPN is now being merged into StrongVPN and is no longer accepting new customers.
Internet security and privacy
The concepts of security and privacy for internet connections are not the same thing, but they are very similar. Security for data in motion involves blocking snoopers from being able to read the contents of packets – this is achieved by encrypting the data payload of each packet. Data privacy requires that outsiders can’t even tell where the packet is going – this requires that the entire packet, including its header, is encrypted.
A packet can end up traveling anywhere to get to a given destination – the path isn’t planned even at the point that the packet leaves its origin. Thus, packet headers need to be openly legible by any router. They need to be in plain text. Encrypting packet header renders them untransferable. Thus, a VPN places the entirely encrypted packet inside another packet in a procedure that is called encapsulation. That outer packet is in plain text and is addressed to the server of the VPN service. So, even though outsiders can see where the packet is headed, this isn’t its true destination and the data payload cannot be read. So, privacy is enforced.
VPNs enable cloud services to be delivered to a network as though they were part of that network. Cloud-based firewalls, load balancers, DDoS protection systems, and network monitors rely on VPNs to secure the links between the host of the service and the protected network.
By mastering a VPN service, Bareket and Gidali had built the bones of an edge service. There were more services that their VPN knowledge could expand to.
Perimeter 81 services
Perimeter 81 has an ever-expanding list of services. These are:
- Business VPN
- Zero Trust Network Access
- Software-defined Perimeter
- Firewall as a Service
- Secure Web Gateway
- Secure Access Service Edge (SASE)
As you will see from the description of these services in the following sections. Each of these offerings builds on the basic foundations of a VPN service to provide increasingly more complex services.
Business VPN
The Business VPN service from Perimeter 81 is the company’s starting point, is based on the SaferVPN service. Perimeter 81 offers several different types of VPNs and some of these facilitate other services. The explicit VPN systems that they provide are:
- Site-to-Site VPN
- Always-on VPN
In a typical consumer VPN service, a piece of software needs to be installed on the subscriber’s computer. This is called the client. The visible part of the client is an interface in which the user chooses a destination for a VPN connection and then turns it on or off.
The benefit of these VPN services is that once the VPN connection is active, all of the traffic that the user sends out would seem to originate from that location. If a user in Germany wants to access a free video streaming site in the USA, such as abc.com, that site will check on the origin of the connection request and block this user for not being in the USA. With a US server selected and the VPN turned on, that German seems to be located in the USA and so is allowed access.
One problem for businesses is that they don’t need to appear to be somewhere else. They just need to enforce connection encryption – they need security rather than privacy. The protected session that runs between the user and the VPN server is called a tunnel. Traffic gets decrypted at the VPN server and then forwarded on to the desired destination with the VPN server’s IP address in the packet headers as the source address.
Responses to requests forwarded by VPNs will return to the VPN server. That server then has to forward the response to the client who originated the request. Thus, for the stretch of the journey of that traffic between the VPN server and the intended destination, the connection is unprotected, although the data payload may be encrypted by some other security system.
Site-to-Site VPN
The Site-to-Site VPN sets up each LAN or cloud platform used by the business with VPN server software. As this is a private VPN system, there are no external locations available to the user. Essentially, this is like a self-hosted VPN service. Thus, when the user selects a VPN server location, the client interface only presents a list of the business’s sites and platforms.
There is a secret twist to the self-hosted VPN model delivered by the Site-to-Site VPN. It is still hosted by Perimeter 81. All traffic passes through the Perimeter 81 VPN server, which establishes a second VPN connection through to the remote site. Think of this as a virtual switch.
When the VPN client connects to a specific remote location, the session is entirely tunneled from end to end. Once the traffic arrives at the remote LAN’s gateway, traffic is forwarded to specific endpoints in the same manner that regular LAN traffic is managed when it arrives from the internet. Tunneling is not necessary on the private network.
Always-on VPN
Not all network activity in a business is internal. Users will still need to refer to third-party websites for research, send and receive emails, and access other Web services. In the cases where the remote destination of a connection is not owned or managed by the company, control over connection security cannot be imposed. Thus, the traditional VPN format of tunneling to a proxy that then forwards traffic in both directions is the only option available. This is how the Always-on VPN service of Perimeter 81 works.
Secure Web Gateway
The Secure Web Gateway is an extra service that can easily be added to the Business VPN service. If all outgoing traffic is being processed through the Always-on VPN, it requires very little adaptation to add in controls over which sites business traffic can travel to.
The Secure Web Gateway allows systems administrators to block individual websites or groups of websites through wildcard name filters. Additionally, all Web access activities of each employee can be logged.
Firewall as a Service
The Perimeter 81 Firewall as a Service (FWaaS) package is a reverse proxy. This is an edge service and it can be implemented by the same server that Perimeter uses to implement its Always-on VPN.
While the Perimeter 81 server channels all traffic that comes out of a site, it can also be used to tunnel external traffic in. This technique requires DNS hijacking, which directs all traffic intended for the protected business to the Perimeter 81 servers instead – this is exactly how DDoS protection services, such as Cloudflare operate.
A backend VPN connection, which is already in operation for the Always-on VPN then protects all incoming traffic that is forwarded from the Perimeter 81 server to its destination on a client’s endpoint.
The FWaaS can be used to filter out DDoS attacks, block incoming connection requests, filter out malicious content, such as Trojans and malware, and block traffic from specific sources by IP address or domain name.
Perimeter 81 also enables traffic data collection through logging at its servers. This information can be fed through to a third-party SIEM or intrusion detection system (IDS) for security monitoring.
Zero Trust Network Access
Perimeter 81 offers a Zero Trust Network Access solution. ZTNA is a new method of applying system security. Traditionally, a business protects access to a piece of equipment, such as to a server, a PC, or pieces of equipment, such as a whole network. Access controls on files and directories shift the perspective of access controls away from physical items. This also takes to within a very short conceptual leap to ZTNA, which controls access to applications, or a set of resources such as a group of applications and a file space.
As an example of a scenario that would use ZTNA, if you have a Google Drive account, you can access files with a range of applications, including Google Docs and Google Sheets. You used credentials to get into that bundle of services but you don’t get access to the Google server and all of the systems hosted there.
ZTNA has become more relevant today because increasingly the software that businesses use is held in different locations. Therefore, the idea of giving a user login for a server becomes less and less relevant. Instead, with ZTNA, system administrators control access to applications.
Software-defined Perimeter
Software-defined Perimeter is a network version of ZTNA. While ZTNA protects access to applications, the Software-defined Perimeter grants access to the entire menu of services used by a business. The Software-defined Perimeter is a solution to the fragmented nature of hybrid systems. A worker might need to get access to a software package on a server that is connected to the local network and then access a SaaS package on the cloud, then save to a cloud storage space that is hosted on another platform.
Software-defined Perimeter is a Single Sign-On (SSO) system for such environments. The user logs into the Software-defined perimeter system and then gets access to a subset of all available services. Not every employee will get access to all of the software at the highest level. The Software-defined Perimeter also lays down access levels.
This service is particularly useful for businesses that have a lot of work-from-home employees or freelancers.
Secure Access Service Edge (SASE)
Secure Access Service Edge (SASE) is a combination of the Site-to-Site VPN, the Always-on VPN, and access rights management of the Software-defined Perimeter. Like the Software-defined Perimeter, this service is very good for managing work-from-home team members.
This service brings all of the other Perimeter 81 systems together. This service provides a unified network across multiple sites and platforms that seem to be a single network, even though many sections are running over the internet. Users log in once and then can access different applications, hosted in different locations with their login credentials for each service instantiated automatically behind the scenes.
Perimeter 81 packages
The sections above outline the main services of Perimeter 81 – there are more, but these are the big ones. The company delivers all of its services from its cloud platform, but each user needs a piece of software installed on the endpoint, which is akin to a VPN client.
Services are offered on a subscription basis but not individually. Instead, Perimeter 81 offers packages of services. Although there are many other systems included in the packages, such as support and a user portal, the allocation of services to packages is as follows:
Essentials – Minimum of 10 users, $8/month per user + $40/month per gateway
- Site-to-Site VPN
- Zero Trust Network Access
- Gateway throughput: 500 Mbps per gateway
Premium – Minimum of 10 users, $12/month per user + $40/month per gateway
- Site-to-Site VPN
- Always-on VPN
- Zero Trust Network Access
- Software-defined Perimeter
- Firewall as a Service – 10 policies
- Secure Access Service Edge (SASE)
- Gateway throughput: 1000 Mbps per gateway
Premium Plus – Minimum of 20 users, $16/month per user + $40/month per gateway
- Site-to-Site VPN
- Always-on VPN
- Zero Trust Network Access
- Software-defined Perimeter
- Firewall as a Service – 100 policies
- Secure Access Service Edge (SASE)
- Gateway throughput: 1000 Mbps per gateway
Enterprise – customized service, variable price
- Site-to-Site VPN
- Always-on VPN
- Zero Trust Network Access
- Software-defined Perimeter
- Firewall as a Service – unlimited policies
- Secure Access Service Edge (SASE)
- Gateway throughput: 1000 Mbps per gateway
The Secure Web Gateway service is an add-on module for any of the packages.
Perimeter 81 offers a demo of its systems. There is no free trial but you can back out once you have started using the service and get a refund in the first month, thanks to a money-back guarantee.
Pricing and Coupons
These rates are based on a yearly payment, which gets a 20 percent discount on the month-by-month plan. For example, the gateway rate is $50 per month when paid monthly.
Perimeter 81 is transforming the cybersecurity industry, offering complicated hybrid network security solutions on a per-user basis that mimics VPN pricing. As such, the Perimeter 81 packages offer an opportunity for businesses to get into complicated security systems, such as SASE and CASB at a discount rate.
Perimeter 81 strengths and weaknesses
By moving from VPNs into more complicated connection security products, Amit Bareket and Sagi Gidali started up a business that is at the cutting edge of the security systems that are vital for cloud-based services. Perimeter 81 is a rapidly growing business that offers an easy-to-use system in this complicated field.
We have identified several strengths and weaknesses with this service.
Pros:
- An easy-to-understand service
- Fine granularity over what services each user can access and what actions are allowed
- A solid security system based on VPNs
- Options over how to configure service access
Cons:
- A software-defined network service with IP address overlays would complete the package
- No free trial